scalableminds · MichaelBuessemeyer · Oct 28, 2024 · Oct 21, 2024 · Oct 22, 2024 · Oct 22, 2024
diff --git a/CHANGELOG.unreleased.md b/CHANGELOG.unreleased.md
@@ -26,6 +26,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.released
 
 ### Fixed
 - Fixed a bug during dataset upload in case the configured `datastore.baseFolder` is an absolute path. [#8098](https://github.com/scalableminds/webknossos/pull/8098) [#8103](https://github.com/scalableminds/webknossos/pull/8103)
+- When trying to save an annotation opened via a link including a sharing token, the token is automatically discarded in case it is insufficient for update actions but the users token is. [#8139](https://github.com/scalableminds/webknossos/pull/8139)
 - Fixed that the skeleton search did not automatically expand groups that contained the selected tree [#8129](https://github.com/scalableminds/webknossos/pull/8129)
 - Fixed a bug that zarr streaming version 3 returned the shape of mag (1, 1, 1) / the finest mag for all mags. [#8116](https://github.com/scalableminds/webknossos/pull/8116)
 - Fixed sorting of mags in outbound zarr streaming. [#8125](https://github.com/scalableminds/webknossos/pull/8125)

diff --git a/frontend/javascripts/admin/api/token.ts b/frontend/javascripts/admin/api/token.ts
@@ -1,10 +1,12 @@
 import { location } from "libs/window";
 import Request from "libs/request";
 import * as Utils from "libs/utils";
+import Toast from "libs/toast";
 
 let tokenPromise: Promise<string>;
 
 let tokenRequestPromise: Promise<string> | null;
+let shouldUseURLToken: boolean = true;
 
 function requestUserToken(): Promise<string> {
   if (tokenRequestPromise) {
@@ -33,22 +35,48 @@ export function getSharingTokenFromUrlParameters(): string | null | undefined {
   return null;
 }
 
-export function doWithToken<T>(fn: (token: string) => Promise<T>, tries: number = 1): Promise<any> {
-  const sharingToken = getSharingTokenFromUrlParameters();
+function removeErrorToast(error: any) {
+  if ("errors" in error && Array.isArray(error.errors)) {
+    error.errors.forEach((errorText: string) => {
+      if (errorText.includes("Token may be expired")) {
+        Toast.close(errorText);
+      }
+    });
+  }
+}
+
+export async function doWithToken<T>(
+  fn: (token: string) => Promise<T>,
+  tries: number = 1,
+  useURLTokenIfAvailable: boolean = true,
+): Promise<any> {
+  let token =
+    useURLTokenIfAvailable && shouldUseURLToken ? getSharingTokenFromUrlParameters() : null;
 
-  if (sharingToken != null) {
-    return fn(sharingToken);
+  if (token == null) {
+    tokenPromise = tokenPromise == null ? requestUserToken() : tokenPromise;
+  } else {
+    tokenPromise = Promise.resolve(token);
   }
 
-  if (!tokenPromise) tokenPromise = requestUserToken();
-  return tokenPromise.then(fn).catch((error) => {
+  return tokenPromise.then(fn).catch(async (error) => {
     if (error.status === 403) {
       console.warn("Token expired. Requesting new token...");
       tokenPromise = requestUserToken();
 
       // If three new tokens did not fix the 403, abort, otherwise we'll get into an endless loop here
       if (tries < 3) {
-        return doWithToken(fn, tries + 1);
+        // If using the url sharing token failed, we try the user specific token instead.
+        const result = await doWithToken(fn, tries + 1, false);
+        // Upon successful retry with own token, discard the url token.
+        if (useURLTokenIfAvailable) {
+          shouldUseURLToken = false;
+          Toast.info(
+            "Initial request using the URL token failed. Your personal token will be used from now on.",
+          );
+          removeErrorToast(error);
+        }
+        return result;
       }
     }